CVE-2025-24045
Published: 11 March 2025
Summary
CVE-2025-24045 is a high-severity Sensitive Data Storage in Improperly Locked Memory (CWE-591) vulnerability in Microsoft Windows Server 2012. Its CVSS base score is 8.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation of Remote Services (T1210). The CVE ranks at the 46.7th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-16 (Memory Protection).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
Directly implements controls to protect memory from unauthorized disclosure and execution, addressing the core issue of sensitive data in improperly locked memory exploited for RCE in Remote Desktop Services.
Ensures timely patching and remediation of the specific flaw in Windows Remote Desktop Services, preventing remote code execution exploitation.
Facilitates identification of CVE-2025-24045 through vulnerability scanning, enabling rapid remediation before exploitation.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability provides unauthenticated remote code execution in Windows Remote Desktop Services over the network, directly enabling the Exploitation of Remote Services technique for initial access or lateral movement.
NVD Description
Sensitive data storage in improperly locked memory in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network.
Deeper analysis
CVE-2025-24045 is a vulnerability in Windows Remote Desktop Services that involves sensitive data storage in improperly locked memory, as indicated by CWE-591. Published on 2025-03-11, it carries a CVSS v3.1 base score of 8.1 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H), reflecting high severity due to its potential for significant impact on confidentiality, integrity, and availability.
An unauthorized attacker with network access can exploit this vulnerability to execute code remotely. Exploitation has high attack complexity but requires no privileges and no user interaction, and the scope is unchanged. Success yields remote code execution against affected systems running the vulnerable Remote Desktop Services component.
The Microsoft Security Response Center provides guidance on this vulnerability, including details on patches and mitigation, in its update guide at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24045.
Details
- CWE(s)